WARNING - OLD ARCHIVES

Eren Türkay <turkay.eren@xxxxxxxxx> · Thu, 8 May 2008 18:00:24 +0300

Hello,
Today, a security flaw in Qemu was released at secunia [0] which was fixed in 
qemu svn repository.
Xen uses part of a qemu code including "vl.c" in which the security flaw 
appeared. I suspect that Xen is effected by this vulnerability too but I 
couldn't find same lines in vl.c and I'm not sure about it.
Could someone look at this issue and shed a light? If Xen is effected, I would 
really appreciate a patch.
[0] http://secunia.com/advisories/30111/
My best regards,
Eren
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] QEMU "drive_init()" Disk Format Security Bypass
From:	Eren Türkay <turkay.eren@xxxxxxxxx>
Date:	Thu, 8 May 2008 18:00:24 +0300
Delivery-date:	2008年5月08日 08:01:08 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date:user-agent:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; bh=uQ+cbLu0rjf1ckXbGAIPf+azGIa977DNYRikxl0wmGw=; b=RDsGXw1h7R0Z2Zt1uw5sbzvxZhhLrDk6l0Wg8Fdu4Ng7idPtIAXjCSn7ZVhFaAtRrDk2TxZ/rGam45nm6piW8CgagM1ySe9x4BKDHsUys//NjqDIzgLw8LHgajL5+waul/30DDAZfnZXtTJJFU0ob/zz19yGBPJ/OK6RXXzTyHA=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=cXMJyvGrjbMjfO/ssSGkmHASkdXDBfJNrrLjnGG9M9zccEYKklXB4mA5YCq5ViTvW9mChRiB8YaF9MY5n6L3rZ6yGEyEaQkAefOi9gsYNJEoLaWevlNUcYCMeL1PiZugPqt3Ig2wj7BkZMFL9p1vy3xU1oA0RER4/m8512s9iqs=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	KMail/1.9.9

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] QEMU "drive_init()" Disk Format Security Bypass, Eren Türkay <= Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Eren Türkay Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Daniel P. Berrange Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Keir Fraser Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Daniel P. Berrange Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Daniel P. Berrange [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson Re: [Xen-devel] [PATCH] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson

Previous by Date:	RE: [Xen-devel] [PATCH 0/4] HVM Virtual S3 , Ke, Liping
Next by Date:	Re: [Xen-devel] [RFC] PVFB: Add refresh period to XenStore parameters? , Samuel Thibault
Previous by Thread:	[Xen-devel] [PATCH] minios: clear FB content , Samuel Thibault
Next by Thread:	Re: [Xen-devel] QEMU "drive_init()" Disk Format Security Bypass , Ian Jackson
Indexes:	[Date] [Thread] [Top] [All Lists]

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] QEMU "drive_init()" Disk Format Security Bypass